Hi Jan, Thanks for letting us know. I will explore this and see if it meets my requirements.
On Sun, Feb 5, 2012 at 10:56 PM, Jan Bartel <[email protected]> wrote: > Amaltas, > > I don't know what I was talking about, jetty does implement CSRF > protection, and it is in fact enabled by default! > > See comments I updated on the issue: > https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385 > > Jan > > On 2 February 2012 12:47, Jan Bartel <[email protected]> wrote: > > Amaltas, > > > > See https://bugs.eclipse.org/bugs/show_bug.cgi?id=370385. > > > > In the meanwhile, you can disable putting session ids in links by > > calling SessionManager.setSessionIdPathParameterName(null); > > > > Or alternatively, invalidate and recreate a new session, copying > > across attributes in a filter/servlet/jsp etc. > > > > regards > > Jan > > > > On 2 February 2012 10:17, Amaltas <[email protected]> wrote: > >> > >> > >> _______________________________________________ > >> jetty-users mailing list > >> [email protected] > >> https://dev.eclipse.org/mailman/listinfo/jetty-users > >> > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
